OPM Director Katherine Archuleta acknowledged Thursday that the number of people affected by separate cyber attacks on U.S. government records disclosed earlier this month "may increase" from the 4.2 million already reported as an "active review" continues.
Archuleta, under fire from Congressional investigators all week regarding the administration’s handling of the massive data breach, said her agency is looking into whether up to 18 million unique Social Security numbers were stolen as part of a hack on security-clearance records.
"I cannot yet provide a more definitive response on the number of individuals affected by the background investigations intrusion, and it may well increase from these initial reports," she said.
The embattled head of the Office of Personnel Management repeated testimony from previous hearings that she is "hesitant to put out a number until we've looked at all the possibilities" regarding the theft of security-clearance records,
Her statements came during testimony before the Senate Homeland Security and Governmental Affairs Committee.
The two hacks into separate OPM databases were discovered in April after new security safeguards were rolled out. Archuleta clarified that the 4.2 million people affected by the first intrusion have already been notified.
Andy Ozment, an assistant secretary at the Department of Homeland Security and head of its National Protection and Programs Directorate, said the two attacks hit "two different sets of data, in two different locations."
China-linked hackers are believed to be responsible for both cyber intrusions, a claim China dismisses as "irresponsible."
The security clearance forms stolen in the second attack contain information that foreign intelligence agencies could use to target espionage operations.